Closed
Bug 986664
Opened 10 years ago
Closed 10 years ago
Make Android FxAccountClient* HAWK requests always include request payload hash
Categories
(Firefox for Android Graveyard :: Android Sync, defect, P3)
Tracking
(firefox29 affected, firefox30 affected, firefox31 fixed, fennec29+)
RESOLVED
FIXED
Firefox 31
People
(Reporter: nalexander, Assigned: nalexander)
References
Details
See discussion in Bug 985766, especially https://bugzilla.mozilla.org/show_bug.cgi?id=985766#c9.
Assignee | ||
Updated•10 years ago
|
Component: Server: Firefox Accounts → Android Sync
Product: Mozilla Services → Android Background Services
Assignee | ||
Comment 1•10 years ago
|
||
rnewman: this should be tracking 29, but I don't have permissions (!?).
Flags: needinfo?(rnewman)
Updated•10 years ago
|
tracking-fennec: --- → 29+
status-firefox29:
--- → affected
status-firefox30:
--- → affected
status-firefox31:
--- → affected
Comment 2•10 years ago
|
||
To be precise, the requests should always *provide* payload verification hashes. HAWK clients don't have a way to ask the server to verify payloads or not (that's the server's decision). Also, we should be clear that this isn't about having the client verify *responses*, which is another option in the HAWK world (which we don't use). It's only about having requests include a "hash=" attribute in the "Authorization:" header, which contains a hash of the payload. The current code only does this for a few (one?) kinds of requests; the desired behavior is to do it for all POSTs.
Assignee | ||
Comment 3•10 years ago
|
||
warner: Roger that. This will mean making FxAccountClient.RequestDelegate set the boolean based on the request method (or similar).
Flags: needinfo?(rnewman)
Summary: Make Android FxAccountClient* HAWK requests always request payload verification → Make Android FxAccountClient* HAWK requests always include request payload hash
Assignee | ||
Updated•10 years ago
|
Priority: P1 → P3
Assignee | ||
Comment 4•10 years ago
|
||
The PR in Bug 985766 is, in fact, addressing this ticket. Will update the bug number before landing.
Assignee | ||
Comment 5•10 years ago
|
||
Well, that was a bumpy landing. https://hg.mozilla.org/integration/fx-team/rev/4a44ad0248ba
Status: NEW → ASSIGNED
Assignee | ||
Updated•10 years ago
|
Comment 6•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/4a44ad0248ba
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 31
Updated•7 years ago
|
Product: Android Background Services → Firefox for Android
Updated•3 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•